CVE-2025-8772

Name of the Vulnerable Software and Affected Versions: Vinades NukeViet versions up to 4.5.06

Description: A problematic vulnerability has been identified in Vinades NukeViet. The issue is related to unknown processing of the file /admin/index.php?language=en&nv=upload within the Module Handler component, leading to server-side request forgery (SSRF). The attack can be initiated remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Vinades NukeViet versions prior to 4.5.06: At the moment, there is no information about a newer version that contains a fix for this vulnerability.